Computers malfunction or crash when a program corrupts the random access memory (RAM) that is being used by another program. Memory corruption may be caused, for example, by one computer program overwriting a memory segment being used by another computer program. Memory may also be corrupted by computer viruses. To reduce the risk of memory corruption and computer viruses, computer operating systems typically employ “system pages” and “protection rings” to protect the memory being used by different computer programs. Operating systems also protect process memory through the use of “process private pages” which reduce the risk of one process corrupting memory in another process.
System pages and process private pages prevent processes from interfering with the memory spaces that belong to the system and other processes by employing a separate address for each memory space. However, each process sees the entire address space as being uniquely assigned to it. To ensure that processes do not interfere with one another, operating systems typically maintain page tables that map the memory spaces virtual address to its corresponding physical address.
A protection ring represents a layer of privilege within the computers architecture. The protection rings are arranged in a hierarchy from the most privileged and trusted ring (i.e., operating system kernel ring, hypervisor ring) to the least privileged and trusted ring (i.e., process or application ring). The inner ring “Ring 0” for the kernel or “Ring −1” for a hypervisor has the most privileges and interacts most directly with the physical hardware (i.e., CPU and memory). Special gates between the rings allow the outer rings (e.g., Rings, 1, 2, and 3) to access an inner ring's resources (e.g., Rings −1, 0, and 1) in a defined manner. Controlling or gating access between the rings improves security by preventing programs from one ring or privilege level from misusing the memory intended for another program.
Modern computer operating systems have linear addressing schemes in which each process has a virtual address space, typically referred to as “process private pages.” A page of computer memory is typically 4K bytes or larger in size. In comparison, most data structures range in size from a few bytes to a few hundred bytes. Accordingly, the memory protection techniques employed by current operating systems have relatively coarse granularity.
Although system pages and protection rings are routinely used to provide memory protection, they have significant disadvantages when concurrent or simultaneous processing is performed. For example, programs are typically allowed to share memory only if the memory region resides at a virtual address that is mapped to each processes' address space. Moreover, coarse granularity protection which operates at the page level (e.g., typically 4K bytes) is inefficient given that the most data structures only are a few bytes in size. Lastly, transferring control between software modules is burdensome since accesses to entire pages of memory are typically involved and the page may contain data in which protection should not be changed.
Accordingly, there is a need for an improved method for providing fine granularity memory protection without the burden of additional inter-process communication, the inefficiency of coarse granularity memory protection, and the burden of transferring control to entire pages of memory.